
IBM Lotus Protector for Mail Security

Administrator Guide

Version 2.8 Release 2.8.1


Copyright statement

© Copyright IBM Corporation 2006, 2013.

U.S. Government Users Restricted Rights — Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.


Contents

Tables
About this publication
  What's new in Version 2.8
  Technical support
  Using Lotus Protector for Mail Security with a command line

Chapter 1. Getting started with Lotus Protector Manager
  Navigating the Lotus Protector Manager
  Home page
  Protection status
  Assessment status
  Traffic status
  Resources status
  Updates status
  System status
  Section A: Recommended tasks
  Installing license keys
  Backing up configuration settings
  Applying mail security updates
  Configuring the local firewall
  Defining Administrator email addresses and system notification accounts
  Section B: Optional tasks
  Changing passwords for Lotus Protector for Mail Security
  Changing date and time settings
  Providing realtime virus scanning services to ICAP-compatible clients
  Managing network interfaces
  Routing network traffic

Chapter 2. SMTP configuration
  Deploying Lotus Protector for Mail Security
  Configuring SMTP service settings
  Configuring general SMTP service settings
  Configuring Transport Layer Security (TLS) settings
  Defining IP addresses for local domains and relay hosts
  Configuring a global IP access list
  Configuring DNSBL settings
  Configuring Recipient Verification
  Configuring Zero Level Analysis (ZLA)
  Configuring the dynamic host reputation filter
  Setting up outgoing email messages from your network
  Removing undeliverable email messages and SMTP log files from the file system
  Installation of TLS certificates
  Uploading SMTP TLS certificates
  Monitoring mail traffic flow in the delivery queues

Chapter 3. Policy configuration
  About policy rules
  Who Objects
  Verifying Who Objects
  When Objects
  Condition Objects
  Analysis Modules
  Using spam analysis modules
  Response Objects
  Directory Objects
  Schedule Objects
  FTP Servers
  Message storages
  Searching for messages in a message storage
  Disabling a quarantine report
  Quarantine Reports Template
  Defining recipients of a quarantine report
  Inspecting the contents of files attached to incoming email messages
  Configuring the DNSBL/Spam Flow setting
  Setting up access privileges for the End User Interface
  Tracking email messages

Chapter 4. Alerts, system events, and logs
  Using email and SNMP alerts
  Defining recipients of alert messages
  Configuring advanced parameters for event notification
  Managing system-related events
  Viewing log files
  Generating a diagnostic file
  Viewing log files to determine why an email message was blocked

Chapter 5. Predefined reports
  Types of predefined reports
  Generating a predefined report
  Scheduling when to run predefined reports

Chapter 6. Backup and restore
  Types of backups
  Backing up configuration settings
  Making full system backups

Chapter 7. Updates
  Viewing the current status and licenses for spam protection
  Configuring advanced parameters for automatic updates

Appendix A. End User Interface
  Setting up access privileges for the End User Interface
  Managing user accounts for the End User Interface
  Configuring advanced parameters for the End User Interface

Appendix B. Mail Security clusters
  About Mail Security clusters
  Creating a new Mail Security cluster
  Joining an existing Mail Security cluster
  Changing a passphrase or an IP address for the Mail Security cluster
  Removing a client from the Mail Security cluster
  Erasing a cluster of Mail Security appliances

Appendix C. Lotus Domino integration
  Lotus Domino Server configuration
  Configuring the Domino Administrator desktop policy to enable integration
  Lotus Protector for Mail Security configuration
  Enabling access privileges for Lotus Notes users
  Enabling user authentication through your Lotus Domino server
  Troubleshooting the LDAP connection to your Lotus Domino server

Appendix D. Advanced parameters
  General advanced parameters
  Advanced parameters for LDAP servers
  Advanced parameters for message storages
  Advanced parameters for SMTP settings
  Advanced parameters for the DNS Block List (DNSBL) settings
  Advanced parameters for a replication of clusters
  Advanced parameters for the End User Interface

Appendix E. Accessibility features for Lotus Protector for Mail Security

Notices

Trademarks


Tables

1. New features for Lotus Protector for Mail Security V2.8
2. Navigation tree categories
3. Lotus Protector Manager icons
4. Status indicator lights on the Home page
5. Protection status categories
6. Assessment status settings
7. Traffic status settings
8. Resources status settings
9. Updates status settings
10. System status settings
11. License key settings
12. Required network services
13. Lotus Protector for Mail Security passwords
14. Example of a Routing table
15. DNS MX record configuration with failover and load distribution example
16. DNSBL border IP addresses
17. Components of a policy rule
18. Types of Who Objects
19. Verifying Who Objects
20. Condition Objects
21. Sender Policy Framework module results
22. Types of Response Objects
23. Types of message storages
24. Spam flow settings
25. DNSBL list settings
26. End User Interface settings
27. Predefined reports
28. Component and license status
29. End User Interface tasks
30. General advanced parameters
31. LDAP server advanced parameters


About this publication

This publication describes the features and capabilities of IBM® Lotus® Protector for Mail Security.

Audience

This publication is intended for network system administrators who are responsible for installing and configuring Lotus® Protector for Mail Security, applying mail security best practices, configuring SMTP services, and if needed, running applications on VMware.

Latest product documentation

For the latest product documentation, go to the IBM Lotus® Protector for Mail Security Documentation site at https://www.ibm.com/developerworks/lotus/documentation/protector/mailsecurity/.

License agreement

For licensing information about IBM Lotus® Protector for Mail Security, view the IBM Licensing Agreement site at http://www.ibm.com/software/sla/sladb.nsf/search.

What's new in Version 2.8

The following table lists features new to IBM Lotus® Protector for Mail Security V2.8, and tells you how to get started using those features.

Table 1. New features for Lotus Protector for Mail Security V2.8

| New feature | How do I use it? |
| --- | --- |
| File Attachment Analysis | You can set up Lotus Protector for Mail Security to inspect the content (keywords, regular expressions, URLs) of files attached to incoming email messages. LMI navigation: SMTP > File Attachment Analysis. More info: “Inspecting the contents of files attached to incoming email messages” on page 66 |
| Global IP Access List | You can set up a list of IP addresses that are allowed or denied access at the start of an incoming SMTP connection. This feature is used by the Dynamic Host Reputation Filter and the DNSBL settings. LMI navigation: SMTP > SMTP Configuration > Receiving SMTP > Global IP Access List. More info: “Configuring a global IP access list” on page 28 |
| ICAP server | You can set up Lotus Protector for Mail Security to provide realtime virus scanning services to ICAP-compatible clients such as IBM® Connections, IBM Lotus Quickr®, or Squid 3.x. LMI navigation: System > ICAP Server |
| Rejection handling for IP addresses using the Silent Drop option | You can set up the SMTP service to reject an incoming email message, but not notify the sender of the email that the email message has been rejected. This method is used to prevent spammers from probing for valid email addresses. This feature is used by the Dynamic Host Reputation Filter, the Global IP Access List, Recipient Verification, and Zero Level Analysis (ZLA). |
| Configuring system routes manually | You can use the Manage network routes using Management Interface option to influence how system routes are handled by the Routing policy. When you enable the option, Lotus Protector for Mail Security uses the system routes that you have configured in the Local Management Interface (LMI). When you disable this option, all system routes are left as is so that you can implement special routing settings that are not currently available in the LMI. LMI navigation: System > Routes. More info: “Configuring system routing manually” on page 17 |
| Updated version of SUSE Linux Enterprise Server (V2.8.1.0) | The underlying operating system is updated from SUSE Linux Enterprise Server 10 to SUSE Linux Enterprise Server 11. |


Technical support

IBM provides technical support to customers who are entitled to receive support.

The IBM Support Portal

Before you contact IBM about a problem, see the IBM Support Portal at http://www.ibm.com/software/support.

The IBM Software Support Guide

If you need to contact technical support, use the methods described in the IBM Software Support Guide at http://www14.software.ibm.com/webapp/set2/sas/f/handbook/home.html.

The guide provides the following information:

• Registration and eligibility requirements for receiving support
• Customer support telephone numbers for the country in which you are located
• Information you must gather before you call

Using Lotus Protector for Mail Security with a command line

Using the command line for read-only access (such as to view settings, services, logs, processes, disk space, or to query the database) is supported. However, using the command line to perform configuration modifications of Lotus Protector for Mail Security voids your IBM Support agreement unless these procedures are followed.

Any changes made to Lotus Protector for Mail Security using the command line must be:

• Authorized in writing by IBM Support.
• Implemented by an IBM Partner, reseller, or internal employee.
• Summarized and documented in a text file in /root/lib/customization on the Lotus Protector for Mail Security management console.


Chapter 1. Getting started with Lotus Protector Manager

This chapter describes how to start using Lotus Protector for Mail Security after you have configured initial network settings with the Setup Assistant.

Navigating the Lotus Protector Manager

This topic explains the navigation features of the Lotus Protector Manager.

Left navigation pane

In the left pane, select the category in the tree that you want to configure. Some categories have more than one component for you to configure. Expand the tree to display a list of configurable elements. The following table describes each category of the navigation tree:

Table 2. Navigation tree categories

| Category | Description |
| --- | --- |
| Home | This site provides information about the current health and system status of Lotus Protector for Mail Security, including statistics of email message and data flow. |
| Mail Security | The options in the Mail Security category explain how to configure a mail security policy that contains a set of rules that define how Lotus Protector for Mail Security should inspect and filter both incoming and outgoing mail traffic. |
| SMTP | The options in the SMTP category explain how to configure SMTP service settings for Lotus Protector for Mail Security and how to manage the queues for the SMTP server. |
| System | The options in the System category explain how to set up alert notifications, how to configure firewall settings, and how to make adjustments to configuration settings for Lotus Protector for Mail Security, such as network settings, passwords, and date or time settings. |
| Backup and Restore | The options in the Backup and Restore category explain how to manage snapshots of configuration settings, how to create complete system backups, and how to back up log files generated by Lotus Protector for Mail Security. |
| Updates | The options in the Updates category show the status of the licensed security modules and how to configure Lotus Protector for Mail Security to download and install updates for its security modules and firmware. |
| Support | The options in the Support category explain how to view contact information and how to create support data files for IBM Support. |

Lotus Protector Manager icons

The following table describes icons that appear on pages in the Lotus Protector Manager:

Table 3. Lotus Protector Manager icons

Icon Description

Click this icon to remove an item from the list.

Note: In some cases, when you click this icon, you might receive a warning that an item is already being used in another location (for example, in a policy rule or by another object). You should resolve this dependency first, before you remove the object.

Select an item in the list and click this icon to move the item up the list.

Select an item in the list and click this icon to move the item down the list.

Select an item in the list and click this icon to copy the item to the clipboard.

Tip: You can use the standard SHIFT+click or CTRL+click methods to select adjacent or non-adjacent items in the list.

Click this icon to paste a copied item from the clipboard into a list. Items you paste appear at the end of the list.

If this icon is displayed on a page or next to a field on a page, then you must enter required data in a field, or the data you have entered in a field is not valid.

Administrator session or Limited Access mode


Home page

This site provides information about the current health and system status of Lotus Protector for Mail Security, including statistics of email message and data flow.

Status indicator lights

The indicator lights on each status tab provide a brief status summary for Lotus Protector for Mail Security:

Table 4. Status indicator lights on the Home page

| Indicator light | Color | Description |
| --- | --- | --- |
| [G] Good | Green | Indicates that Lotus Protector for Mail Security services are operating as expected. |
| [W] Warning | Yellow | Indicates that one or more services for Lotus Protector for Mail Security has encountered a problem. Try to correct this problem as soon as possible. |
| [E] Error | Red | Indicates that one or more services for Lotus Protector for Mail Security is experiencing a problem. Try to resolve this problem immediately. Tip: The screen might provide an explanation of the issue and suggested actions for resolving the error. |

Protection status

The Protection status tab provides a general overview of the categories of email messages that Lotus Protector for Mail Security has analyzed over a given period of time. Additionally, this page informs you if the level of protection provided by Lotus Protector for Mail Security is not sufficient (for example, the firewall is disabled), and provides suggestions on how to remedy such problems.

Table 5. Protection status categories

| Category | Description |
| --- | --- |
| Compliance | Email messages that might contain confidential data. |
| Ham | Email messages that do not contain advertising or inappropriate content. |
| IP Blocking | Email messages that were rejected by the SMTP service, because the sending host IP address is known to be a spamming host. |
| Other | Email messages that do not belong in one of the other predefined categories. |
| Phishing | Email messages in which a perpetrator sends legitimate-looking email in an attempt to gather personal and financial information from recipients. |
| Recipient Verification | Email messages that might have been sent to a user who does not exist in the organization. |
| Remote Malware Detection | Email messages that are detected by antivirus software as containing known malware files such as computer viruses, worms, Trojan horses, root kits, and spyware (programming that gathers information about a computer user without permission). |
| Signature Virus Detection | Email messages that are detected by antivirus software as containing signature-based viruses. |
| Spam | Email messages that contain unsolicited advertisements or offensive content. |
| ZLA NDR | Email messages that have been detected by the Zero Level Analysis module. These messages have failed transmission and did not reach the intended recipient of the message. |


Assessment status

The Assessment status tab provides an overview of the current health status of Lotus Protector for Mail Security.

Note: If one of the following values is too high, Lotus Protector for Mail Security might throttle processing of email traffic (for example, accept fewer incoming email messages from other hosts) in order to alleviate the situation. However, if Lotus Protector for Mail Security remains in an unhealthy state for a long period of time, you might want to consider adjusting your setup.

Table 6. Assessment status settings

| Setting | Description |
| --- | --- |
| Database Writer Queue | The number of records of analyzed email messages that have not been written to the database yet. |
| Analysis Queue Rating | The current fill level of the SMTP queue used to temporarily store email messages until they are analyzed by Lotus Protector for Mail Security (unchecked queue). |
| Resource Shortage | The current status of RAM and disk usage of Lotus Protector for Mail Security. Possible values include: 0 = The amount of free memory and disk space is sufficient. 1 = Lotus Protector for Mail Security has detected a shortage of memory or disk space, which may negatively impact its operation. You should monitor this situation and remedy it if necessary. 2 = Lotus Protector for Mail Security has almost run out of available resources. You should try to solve this situation immediately. Note: If Lotus Protector for Mail Security has detected a shortage of available resources, it will generate the event(s) (MSM_ResourceError) on the Events page (System > Events). The event contains additional information about the issue. |
| Message Tracking Queue | The current fill level of the queue used to store the Message Tracking Data in the Lotus Protector for Mail Security database. |
| IPC Queue Rating | The current fill level of the communication channel between the SMTP service and the Mail Security. |
| Send Queue Rating | The current fill level of the SMTP service queue for outgoing email messages (send |


Traffic status

The Traffic status tab shows incoming and outgoing network traffic over a given period of time.

Table 7. Traffic status settings

| Setting | Description |
| --- | --- |
| Incoming (Minute Average) | Total number of email messages received over a given period of time. |
| Outgoing (Minute Average) | Total number of email messages delivered over a given period of time. |
| Queued for Analysis | Shows the number of email messages waiting to be analyzed by Lotus Protector for Mail Security. |
| Queued for Delivery | Shows how many email messages have been analyzed and are waiting to be delivered by the SMTP module. |
| Queued for Re-Delivery | Shows the number of email messages that have already attempted to be delivered to the destination SMTP server, but the delivery failed with a temporary error, such as the host was not reachable. Attention: A large number of email messages in the redelivery queue can indicate a permanent problem with delivery (such as an issue with configuration). |

Resources status

The Resources status tab shows information about the system resources in use for Lotus Protector for Mail Security. This information might be helpful if you must contact IBM Support about a problem.

Table 8. Resources status settings

| Setting | Description |
| --- | --- |
| System | |
| CPU Usage (Percent) | Monitors processor resources used by user-level processes and the system kernel. |
| System Load | Monitors the amount of work that the system is doing. |
| Memory Usage (MB) | Monitors how much of the installed memory is free. |
| Hard disks | |
| System (MB) | Monitors the amount of disk space being used for the system running Lotus Protector for Mail Security. |
| Data Storage (MB) | Monitors the amount of data stored on the system running Lotus Protector for Mail Security. |
| Database (MB) | Monitors the amount of disk space being used for the Lotus Protector for Mail Security database. |


Updates status

The Updates status tab shows the current status of the latest updates to Lotus Protector for Mail Security.

Table 9. Updates status settings

| Component | Description |
| --- | --- |
| Appliance Firmware | The latest firmware version of the Lotus Protector for Mail Security software. |
| Content Filter Database (Web) | The version of the Content Filter Database currently in use by Lotus Protector for Mail Security. This Web version of the Content Filter Database contains URLs and classification of web pages. |
| Content Filter Database (Mail) | The version of the Content Filter Database currently in use by Lotus Protector for Mail Security. The Mail version of the Content Filter Database contains spam signatures for all known spams (gathered by spam collectors and other sources). |
| Bayes Filter Database | The version of the Bayes Filter Database currently in use by Lotus Protector for Mail Security. The Bayes Filter Database is pre-trained by IBM to identify spam using words and other tokens that routinely appear in legitimate email streams. |
| Spam Heuristics | The version of the Spam Heuristics signatures currently in use by Lotus Protector for Mail Security. The Spam Heuristics signatures use rules describing the characteristics of spam in order to assess incoming email messages (headers and body text) and attachments. |
| Spam Keyword Analysis | The version of the Spam Keyword Analysis signatures currently in use by Lotus Protector for Mail Security. The Spam Keyword Analysis signatures include standard keywords and patterns (regular expressions) that are typically found in spam email messages. |
| Phishing | The version of the Phishing signatures currently in use by Lotus Protector for Mail Security. IBM uses a variety of methods to detect phishing email messages. The URL checker is able to detect links to banking and other commercial sites in all spam coming from the spam collectors. Phishing email messages also show typical heuristics compared to regular spam, and are categorized separately from regular spam in the filter database. |
| CAL Scripting | A module that contains highly specialized algorithms for detecting certain types of spam. Note: This module is maintained and updated by IBM. |
| Antivirus Signatures | The version of the Antivirus signatures currently in use |


System status

The System status tab shows the current status of Lotus Protector for Mail Security.

Table 10. System status settings

| Setting | Description |
| --- | --- |
| Base Image Revision | The base or initial version of the Lotus Protector for Mail Security software. Note: The base version is the software version shipped with Lotus Protector for Mail Security, or the software version of the most recent system backup. |
| Firmware | The firmware version of the Lotus Protector for Mail Security software that is currently installed. |
| Uptime | The length of time that Lotus Protector for Mail Security has been online. |
| Last Restart | The date Lotus Protector for Mail Security has been turned on or was restarted, given in the yyyy-mm-dd hh:mm:ss format (for example, 2011-12-31 12:45:10). |
| System Time | The current system time of the machine running the Lotus Protector for Mail Security software. |
| Total Network Interfaces | The number of physically installed network interfaces on your Lotus Protector for Mail Security. |
| Bound IP Addresses | The IP addresses currently in use by Lotus Protector for Mail Security as configured by the Administrator. |
| Last System Backup | The date that the last system backup was created, given in yyyy-mm-dd hh:mm:ss format (for example, 2011-12-31 12:45:10). |


Section A: Recommended tasks

This section provides procedures that you should follow after you have installed and configured initial settings for Lotus Protector for Mail Security.

Installing license keys

The Updates and Licensing page (Updates > Updates and Licensing) provides important information about the current status of your license keys, including expiration dates.

About this task

You can view information for each license you purchase for Lotus Protector for Mail Security:

Table 11. License key settings

| Setting | Description |
| --- | --- |
| Serial Number | The serial number of the license key. Note: Each license key has its own serial number, unique to the Identity and the OCN. |
| OCN | The Order Confirmation Number (OCN) or your customer number with IBM. |
| Expiration | The date the license expires, given in the yyyy-mm-dd format: 2011-12-31. |
| Maintenance Expiration | The date the maintenance agreement expires, given in the yyyy-mm-dd format: 2011-12-31. |

Procedure

1. Click Updates > Updates and Licensing in the navigation pane.
2. Click the Licensing tab.
3. Click Install a new license key.
4. Locate or provide the license key.


Backing up configuration settings

The process for updating Lotus Protector for Mail Security is designed to keep it up-to-date while taking the precautionary action of backing up your system before you install updates that alter original configuration settings.

About this task

Create a settings snapshot file of the original configuration settings for Lotus Protector for Mail Security before you apply firmware updates or change your configuration settings. You can also create additional settings snapshot files later if you want to use different configuration settings or test new policy settings. The default settings snapshot file, factoryDefault.settings, contains the original Lotus Protector for Mail Security settings. You should create a settings snapshot file before you change your configuration settings.

Procedure

1. Click Backup and Restore > System in the navigation pane.
2. Click Manage Configuration Backups.
3. In the Configuration Backups section, choose an option:

| Option | Description |
| --- | --- |
| Create a snapshot file | 1. Click New. 2. Type a name for the snapshot file, and then click Create. |
| Restore a snapshot file | Select the snapshot file you want to restore, and then click Restore. |
| Delete a snapshot file | Select the snapshot file you want to delete, and then click Delete. |
| Upload a snapshot file | 1. Click New. 2. Type the name of the snapshot file you want to upload, and then click Upload. |


Applying mail security updates

Before you begin to use Lotus Protector for Mail Security, you should apply the latest mail security updates to its database. You can configure Lotus Protector for Mail Security to automatically retrieve updates from the IBM Download Center.

About this task

The mail security updates provide daily updates of URLs and spam signatures for Lotus Protector for Mail Security.

Important: You should update your local mail security database at least once daily to keep it current.

Procedure

1. Click Updates > Updates and Licensing in the navigation pane.
2. Click View versions online at the bottom of the page to access a list of each update and its contents.
3. After you have downloaded and installed your license keys, click Configure Automatic Updates.
4. Make sure Automatically Update Mail Security Database is enabled in the Mail Security Database Updates section.
5. Click Save Changes.

Configuring the local firewall

You might need to configure the local firewall for Lotus Protector for Mail Security in order to control access to the provided services from any network attached to a specific network interface.

About this task

Use options on this page to control access to services provided by Lotus Protector for Mail Security. In order for Lotus Protector for Mail Security to function properly, you might need to change settings on your corporate firewall or any other firewall deployed between Lotus Protector for Mail Security and the service provider, such as a directory service.

Procedure

1. Click System > Firewall in the navigation pane.

2. Verify services for Lotus Protector for Mail Security are enabled correctly or are accessible:

Table 12. Required network services

| Service | Port number | Description |
| --- | --- | --- |
| SMTP | TCP 25 | Enables access to the SMTP service through the specified network interfaces, to allow internal and external SMTP servers to relay email messages to Lotus Protector for Mail Security. |
| HTTPS | TCP 443 | Enables access to Lotus Protector Manager from networks attached to the specified network interfaces. |
| SSH | TCP 22 | Enables an SSH client (for example, PuTTY) to connect to the command line interface for Lotus Protector for Mail Security. |
| Access to End User Interface | | |
| Database access | TCP 5432 | Enables the clients of a Mail Security cluster to access the database of the central appliance. Attention: Make sure this option is enabled before you create a Mail Security cluster or an appliance joins a Mail Security cluster. |
| Cluster communications | TCP 4990 | Enables members of a Mail Security cluster to communicate with this host. Attention: Make sure this option is enabled before you create a Mail Security cluster or an appliance joins a Mail Security cluster. |
| ICMP ping | | Enables Lotus Protector for Mail Security to answer ICMP echo requests (ping) on the specified network interfaces. |
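
One way to verify step 2 from a given network segment is to test which of the Table 12 TCP services actually answer and compare that with what you intended to enable on the interface facing that segment. The script below is an added example, not part of the IBM guide; the appliance address and the set of intended ports are supplied by the operator (assumptions), and the End User Interface and ICMP rows are left out because the table gives no TCP port for them here.

```python
"""Audit which Table 12 services are reachable from the current network segment."""
import socket
import sys

# TCP services and ports as listed in Table 12 of the guide. The End User
# Interface and ICMP ping rows are omitted: no TCP port is given for them here.
TABLE_12_SERVICES = {
    25: "SMTP",
    443: "HTTPS (Lotus Protector Manager)",
    22: "SSH (command line)",
    5432: "Database access (cluster clients)",
    4990: "Cluster communications",
}


def probe(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unreachable, or DNS failure
        return False


def audit(host, intended_open, services=TABLE_12_SERVICES, probe_fn=probe):
    """Compare observed reachability with the exposure intended for this segment.

    intended_open is the set of ports the administrator means to enable on the
    interface facing the segment this script runs from. It is an operator
    decision (an assumption of this example), not a value the guide prescribes.
    Returns a list of (port, service, verdict) tuples sorted by port.
    """
    findings = []
    for port in sorted(services):
        reachable = probe_fn(host, port)
        wanted = port in intended_open
        if reachable and not wanted:
            verdict = "EXPOSED: reachable but not intended; disable it for this interface"
        elif wanted and not reachable:
            verdict = "BLOCKED: intended but unreachable; check local and corporate firewalls"
        else:
            verdict = "ok"
        findings.append((port, services[port], verdict))
    return findings


def has_drift(findings):
    """True if any service differs from the intended exposure."""
    return any(verdict != "ok" for _, _, verdict in findings)


if __name__ == "__main__":
    # Usage: python3 audit_fw.py <appliance-address> <intended-port> [...]
    if len(sys.argv) < 2:
        sys.exit("usage: audit_fw.py <appliance-address> [intended-port ...]")
    target = sys.argv[1]
    intended = {int(p) for p in sys.argv[2:]}
    results = audit(target, intended)
    for port, name, verdict in results:
        print(f"{port:>5}/tcp  {name:<36} {verdict}")
    sys.exit(1 if has_drift(results) else 0)
```

Run it once from each network attached to the appliance, because the firewall page enables services per network interface and the result depends on where the connection originates.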

Defining Administrator email addresses and system notification accounts

You must set up the email addresses for the Administrator of your local mail environment and define the email accounts used by Lotus Protector Manager to send status notification messages for undeliverable email messages or quarantine reports.

Procedure

1. Click SMTP > Configuration in the navigation pane.
2. Click the Global tab.
3. Provide the following information:

| Option | Description |
| --- | --- |
| Root Domain | The primary mail domain of the SMTP service. For example, this value is sent by the SMTP service in response to a HELO/EHLO command by an SMTP client. |
| Postmaster | The email address of the person responsible for the mail system in the organization. |
| Error Admin | The email address of an Administrator who should be notified of permanent delivery errors. Note: If you leave the field blank, only the original sender of the email message receives a notification if an attempt to deliver the email message was not successful. |
| Temporary Error Admin | The email address of an Administrator who should be notified of temporary delivery errors. Note: If you leave the field blank, only the original sender of the email message receives a notification if an attempt to deliver the email message was not successful. |
| Send New Email As | The email address used by Lotus Protector Manager as the sender for locally generated email messages. |
| Send Quarantine Report As | The email address used by Lotus Protector Manager as the sender of the quarantine report. |

(22)

Section B: Optional tasks

This section provides optional procedures that you can follow after you have installed and configured initial settings for Lotus Protector for Mail Security.

Changing passwords for Lotus Protector for Mail Security

This topic explains how to change the passwords for Lotus Protector for Mail Security accounts that you or another Administrator initially set up from the Setup Assistant.

Before you begin

To change a password, you must know the current password.

About this task

When you configure Lotus Protector for Mail Security, you must supply passwords for these accounts:

Table 13. Lotus Protector for Mail Security passwords

Account Purpose

root Enables you to access the operating system of Lotus Protector for Mail Security.

Admin Enables you to access the Setup Assistant and Lotus Protector Manager for Lotus Protector for Mail Security.

Procedure

1. Click System > Admin Passwords in the navigation pane.

2. Choose an option:

If you want to change the... Then...

root password 1. In the root section, type the current password.

2. Click Enter Password.

3. Type and confirm the new password.

Admin password 1. In the Admin section, type the current password.

2. Click Enter Password.


Changing date and time settings

This topic explains how to change the date and the time of Lotus Protector for Mail Security, and how to enable the network time protocol (NTP) to synchronize Lotus Protector for Mail Security time with a network time server.

About this task

The Time page always contains the last manually configured values for date and time options, not the actual date and time. When you save the settings, Lotus Protector for Mail Security is set to the currently configured values, whether you have changed them or not.

Important: To avoid resetting the time and date to the previously configured values, update the time and date before you save the settings.

Procedure

1. Click System > Time in the navigation pane.

2. Choose an option:

If you want to... Then...

Change the date and time of Lotus Protector for Mail Security 1. Click the Date and Time arrow to see the calendar.

2. Select the correct month and date.

Tip: Use the arrows at the top to change the month and year in the calendar.

3. Select the hour and minutes in the Time boxes.

4. Click outside the calendar to close it.

5. Click the Time Zone arrow and select the correct time zone for your region.

6. Click Save Changes.

Enable the network time protocol (NTP) Note: NTP synchronizes the configuration time with a network time server.

1. Select the Enable NTP check box, and then type the name of the NTP server.

2. Click Save Changes.


Providing realtime virus scanning services to ICAP-compatible clients

This topic explains how to enable Lotus Protector for Mail Security to provide realtime virus scanning services to ICAP-compatible clients such as IBM Connections, IBM Lotus Quickr®, or Squid 3.x.

About this task

For specific instructions on enabling virus scanner services for IBM Connections or IBM Lotus Quickr, visit the IBM Connections Wiki site at http://www.lotus.com/ldd/lcwiki.nsf or the IBM Lotus Quickr Wiki site at http://www.lotus.com/ldd/lqwiki.nsf.

Procedure

1. Click System > ICAP Server in the navigation pane.

2. Select the Enable ICAP Server check box.

3. Type the server port for the ICAP Server, typically port 1344.

Managing network interfaces

If needed, you can change the initial configuration of the management port, default gateway port, and DNS servers.

Why would you need to change network settings?

You might need to change the network configuration settings for the following reasons:

• Your company's network policy has changed

• Your company has relocated

• You have changed your Internet Service Provider

• You have changed addresses

Configuring external interfaces

You can use a DHCP server for the external interfaces, or manually set the IP address and DNS servers for each network interface.

Procedure

1. Click System > Networking in the navigation pane.

2. Click the External Interface tab.

3. Select the Enabled box.

4. Type the host name of Lotus Protector for Mail Security, using this format: appliance.example.com

5. Select an IP address type:

Option Description

DHCP 1. Select DHCP.

2. If needed, select Enable Mac Cloning, and then type 6 hex pairs, separated by colons: AA:BB:CC:11:22:33

Static 1. Select Static.

2. Type the IP address for the external interface of Lotus Protector for Mail Security, and then press ENTER.

3. Type the subnet mask (network mask) value.

4. Type the gateway IP address.

6. Select a setting for your Domain Name Server (DNS):

Option Description

Use Dynamic Settings (enabled) Enables dynamic settings for your Domain Name Server.

Tip: You can only use dynamic settings with DHCP or PPPoE; you cannot use it if your external interface uses a static IP address.

Use Dynamic Settings (disabled) Uses static settings for your Domain Name Server:

• Type the IP address for Primary DNS Server, Secondary DNS Server, Tertiary DNS Server, using the dotted decimal format: 127.0.0.1

Configuring internal interfaces

You can configure which network interface Lotus Protector for Mail Security uses.

Procedure

1. Click System > Networking in the navigation pane.

2. Click the Internal Interface tab.

3. Click Add.

4. Select an interface from the list.

Tip: ETH0 is always the primary internal interface.

5. Select the Enabled box.

6. Type the following IP addresses or values:

• Destination IP address

• Subnet mask value

• Gateway IP address

7. Click Save Changes.

Routing network traffic

Lotus Protector for Mail Security routes traffic on the networks and subnetworks connected to it. You must assign IP network settings to the interfaces, including IP addresses, subnetwork mask, and gateway router IP addresses.

How Lotus Protector for Mail Security routes traffic


In routing mode, one of the basic functions of Lotus Protector for Mail Security is to route network traffic from one physical network to another network. These networks are connected to the multiple interfaces of Lotus Protector for Mail Security.

For routing to occur, you must enable the interfaces and physically connect them to their corresponding networks. You must also assign network information to the interfaces such as IP addresses and subnet masks. The external and internal interfaces are enabled and configured during the initial setup. You can use additional internal interfaces as needed to connect Lotus Protector for Mail Security to other internal networks.

Route precedence in the Routing table

If there are two or more routes for identical destinations, the most specific route in the Routing table takes precedence.

In this example, a packet destined to the host 10.1.1.1 uses the 192.168.1.2 route.

Table 14. Example of a Routing table

Destination Subnet mask Gateway IP address
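The precedence rule above, worked through as an added example (not code from the guide or the product). The routing table is constructed for illustration: only the host 10.1.1.1 and the gateway 192.168.1.2 come from the guide's example, and the other destinations, masks and gateways are assumptions.

```python
import ipaddress

# Constructed routing table: (destination, subnet mask, gateway).
# Only the host 10.1.1.1 and the gateway 192.168.1.2 come from the guide's
# example; every other value here is an assumption made for illustration.
ROUTES = [
    ("0.0.0.0", "0.0.0.0", "192.168.1.254"),
    ("10.0.0.0", "255.0.0.0", "192.168.1.1"),
    ("10.1.1.0", "255.255.255.0", "192.168.1.2"),
]


def matching_routes(dest_ip, routes=ROUTES):
    """Return every route that contains dest_ip, most specific first."""
    addr = ipaddress.ip_address(dest_ip)
    hits = []
    for destination, mask, gateway in routes:
        # strict=True rejects a destination with host bits set; a
        # non-contiguous mask such as 255.0.255.0 raises ValueError as well.
        network = ipaddress.ip_network(f"{destination}/{mask}", strict=True)
        if addr in network:
            hits.append((network, gateway))
    # Longest prefix (largest number of mask bits) takes precedence.
    hits.sort(key=lambda hit: hit[0].prefixlen, reverse=True)
    return hits


def select_gateway(dest_ip, routes=ROUTES):
    """Return the gateway of the most specific matching route, or None."""
    hits = matching_routes(dest_ip, routes)
    return hits[0][1] if hits else None


if __name__ == "__main__":
    for network, gateway in matching_routes("10.1.1.1"):
        print(f"{str(network):<14} via {gateway}")
```

Listing every matching route, not only the winner, shows which broader routes are shadowed for a given destination.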


Adding a static route

You can add a static route to Lotus Protector for Mail Security.

Procedure

1. Click System > Routes in the navigation pane.

2. Click the Add icon.

3. Type the following IP addresses or values:

• Destination IP address

• Subnet mask value

• Gateway IP address

4. If needed, type a value in the Metric field.

Note: The Metric (or hop count) indicates the number of routes or segments between the source and destination.

5. Click OK, and then click Save Changes.

Configuring system routing manually

This topic explains how the Manage network routes using Management Interface option affects how system routes are handled by the Routing policy.

Procedure

1. Click System > Routes in the navigation pane.

2. For the Manage network routes using Management Interface option, choose one of the following:

Option Description

Enable the check box All system routes will be set up as you have the routes configured in the Local Management Interface (LMI). Any customization made from the command line is overwritten.

Clear the check box All system route settings remain as is; no system routes are deleted or created.

This scenario works well with network environments that require special routing settings that are not currently available in the LMI.

Example: You want to use the console to add routing settings that are not available in the LMI (/etc/sysconfig/network/routes). Lotus Protector for Mail Security will detect the system routing settings that you have added, but will not change them.

Chapter 2. SMTP configuration

This chapter describes how to set up Lotus Protector for Mail Security to process mail traffic.

Deploying Lotus Protector for Mail Security

The Administrator who sets up Lotus Protector for Mail Security must make sure all incoming SMTP traffic is routed through Lotus Protector for Mail Security before the traffic is delivered to internal mail servers.

This topic explains methods that are used for Internet mail exchange and how these methods affect or relate to setting up Lotus Protector for Mail Security. You should read this information if you are not familiar with Internet mail exchanger deployments and configuration.

Fast path: If you are only interested in how MX records affect your setup of Lotus Protector for Mail Security, go to the paragraphs labeled Fast path for a brief explanation of that section.

DNS MX records

When an email message is sent through the Internet, the sender of the email message must determine the receiving host name responsible for processing email messages for a domain, which is the domain part of an email address (for example, ibm.com, the part that follows the @ sign). In order to determine the receiving host name, the sender queries the recipient's DNS server for Mail eXchanger records (MX records) belonging to the domain found in the domain part of the recipient's email address. This record typically points to a fully qualified host name (for example, server1.ibm.com) that resolves to an actual IP address (known as an A record).

MX records contain an attribute known as an MX preference. An MX preference is used by the sender to determine the priority of a mail server, in case there are multiple hosts responsible for a single domain. By default, the host will choose the mail server with the lowest MX preference value (indicating the lowest cost, like a metric in IP routes) and will fail over to another referenced host with the lowest preference. If two or more MX records have an identical preference value, the sender might choose a mail server at random (depending on the implementation of the server). Identical preferences for several MX record entries are commonly used to distribute load among multiple servers.

Table 15. DNS MX record configuration with failover and load distribution example

Responsible mail exchangers MX preference

server1.ibm.com 10

server2.ibm.com 20

server3.ibm.com 20

For example, assume the MX records for ibm.com are configured like the values shown in Table 15. An SMTP server will first try to deliver an email message for a recipient at ibm.com to server1.ibm.com. If the SMTP server is not able to connect to server1.ibm.com, it will choose to deliver the message, at random, to either server2.ibm.com or server3.ibm.com.
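The selection logic described above, as an added example using the values of Table 15 (not code from the guide or the product). The `can_connect` callable stands in for a TCP connection attempt, and `exchangers_bypassing_filter` is a hypothetical helper that assumes you supply the host names of your Mail Security appliances.

```python
import random

# MX records for ibm.com as listed in Table 15: (mail exchanger, preference).
MX_RECORDS = [
    ("server1.ibm.com", 10),
    ("server2.ibm.com", 20),
    ("server3.ibm.com", 20),
]


def delivery_order(mx_records, rng=None):
    """Order in which a sender tries the exchangers.

    Lowest preference first; hosts that share a preference value are
    shuffled, which is what spreads load across them.
    """
    rng = rng or random.Random()
    by_preference = {}
    for host, preference in mx_records:
        by_preference.setdefault(preference, []).append(host)
    order = []
    for preference in sorted(by_preference):
        group = list(by_preference[preference])
        rng.shuffle(group)
        order.extend(group)
    return order


def deliver(mx_records, can_connect, rng=None):
    """Return (host that accepted, hosts tried); host is None if all failed.

    can_connect(host) -> bool is a stand-in for opening a connection to
    TCP port 25 on that host.
    """
    tried = []
    for host in delivery_order(mx_records, rng):
        tried.append(host)
        if can_connect(host):
            return host, tried
    return None, tried


def exchangers_bypassing_filter(mx_records, filtered_hosts):
    """Hypothetical check: MX targets that are not Mail Security appliances.

    A sender may pick any published exchanger, including a backup with a
    higher preference value, so each one must sit behind the filter.
    """
    filtered = {h.lower().rstrip(".") for h in filtered_hosts}
    return sorted(h for h, _ in mx_records
                  if h.lower().rstrip(".") not in filtered)


if __name__ == "__main__":
    primary_down = lambda host: host != "server1.ibm.com"
    print(deliver(MX_RECORDS, primary_down))
    print(exchangers_bypassing_filter(MX_RECORDS, ["server1.ibm.com"]))
```

Any host returned by `exchangers_bypassing_filter` is a path on which mail can reach internal servers without being analyzed.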


Note: DNS population can take up to three days on the Internet. If you must change DNS entries for your environment, make sure you can reroute SMTP traffic to obsolete IP addresses on Lotus Protector for Mail Security during this time.

Inbound SMTP traffic

When a host tries to deliver an email message to a destination SMTP server, as specified by DNS MX records, it tries to establish a connection with the destination host. By design, an email message is not always delivered directly to its destination by the server. The server might deliver the email message to another SMTP server instead, which is then responsible for delivering the email message. This method is known as relaying; an SMTP server that allows relaying is called an SMTP relay.

Lotus Protector for Mail Security acts as an SMTP relay when it allows hosts to relay email messages to your users. Unlike other SMTP relays, Lotus Protector for Mail Security does not store and forward email messages to internal mail servers. Instead, it stores incoming email messages locally until those messages have been analyzed and processed. When an email message has been analyzed, delivery of the email message is either allowed or declined, depending on your policy rules. If delivery of an email message is allowed, Lotus Protector for Mail Security will relay the email message to internal SMTP servers where users connect to access their email accounts.

Most often, Lotus Protector for Mail Security is deployed to receive incoming email messages directly from the Internet, meaning SMTP traffic (on the IP layer) is routed to Lotus Protector for Mail Security by a gateway or firewall.

However, in some scenarios it might be useful or necessary for you to relay incoming email messages through other SMTP servers before passing the messages to Lotus Protector for Mail Security (for example, in cases where you must perform additional analysis or to compensate for strong peaks in email traffic or network constraints).

Outbound SMTP traffic

You can also use Lotus Protector for Mail Security to handle outbound SMTP traffic in which it analyzes and relays email messages that are leaving your environment. For example, you can use Lotus Protector for Mail Security to prevent confidential data from leaving your environment by email message, to enforce encrypted delivery of confidential data, to relay email messages to other SMTP servers in case of network constraints, or to generate statistics on outbound traffic.

As mentioned in the section on DNS MX Records, SMTP servers must determine where to deliver email messages to a specific domain. In general, SMTP servers try to deliver email messages using DNS resolution and by communicating directly to one of the specified servers.


Fast path: If you want to set up Lotus Protector for Mail Security to act as an outbound relay, you must add forwarding rules to your internal mail servers that allow them to relay outgoing email messages to Lotus Protector for Mail Security. Because of the built-in anti-relay check, you must add the internal mail servers as relay hosts for Lotus Protector for Mail Security, in order for Lotus Protector for Mail Security to accept email messages to any domain from these hosts. Choose whether Lotus Protector for Mail Security should deliver email messages directly using DNS resolution or if outgoing email messages should be forwarded to other SMTP relays that in turn will take care of delivery.

Note: Lotus Protector for Mail Security will automatically fall back to DNS resolution for domains that do not have a forwarding rule.

Configuring SMTP service settings


Configuring general SMTP service settings

This topic explains how to configure the behavior of the SMTP service when it is receiving email messages from other SMTP servers.

Procedure

1. Click SMTP > Configuration in the navigation pane.

2. Click the Receiving SMTP > Settings tab.

3. Provide the following information:

Option Description

Enable Logging Instructs the SMTP service to write information about email message deliveries to a log file. This log file is named smtp-yyyymmdd0000.

Note: The SMTP service logs several lines to its log file for each delivery attempt. For successful delivery attempts, the SMTP service writes one log entry for each recipient of an email message and, additionally, one log entry if the transmission of the email message was successful.

Port Specifies the port number on which the SMTP service is listening.

Default: port 25

Attention: If you change this value, other SMTP servers might not be able to transmit email messages to Lotus Protector for Mail Security, because those servers are trying to open a connection to the default SMTP port (which is TCP port 25).

If you must change the listening port of the SMTP service, consider adding a translation rule at the firewall.

Max Recipients per Message An SMTP server might try to transmit an email message to multiple recipients within a single transaction.

This value regulates the maximum number of recipients allowed in a single message transaction.

Default: 100 recipients

Max Messages per Session An SMTP server might try to deliver several email messages to Lotus Protector for Mail Security using the same connection.

This value defines how many email messages an SMTP server is allowed to transmit, before it is forced to establish a new connection to Lotus Protector for Mail Security.

Session Timeout Specifies the amount of time before an SMTP session times out.

A timeout can occur when the SMTP service does not receive any data from the SMTP server within the configured amount of time. In this case, the SMTP service closes the connection to the peer.

Max Message Size (KB) Defines the maximum size of an email message, in Kilobytes, that the SMTP service will accept from other SMTP servers.

Note: If you set this value to zero, the SMTP service will allow any message size.

Allow NULL Sender If enabled, the SMTP service accepts email messages even if the SMTP server did not specify an originator with the MAIL FROM: command.

If disabled, the SMTP service rejects the transmission.

Max SMTP Errors per Session Defines how many protocol errors, such as syntax errors, an SMTP server is allowed to cause before the SMTP service enforces the termination of the connection.

Check Mailer Domain Select if you want the SMTP service to perform a DNS lookup on an MX record for the domain of the sender's email address, as provided by the MAIL FROM command, for validation.

The SMTP service will only accept email messages from senders whose email address domain part has a valid MX record.

Max MTA Hops Defines the maximum number of SMTP servers that an email message is allowed to have been relayed by so far, determined by the number of Received fields in the header of the message.

If this number exceeds the defined limit, the SMTP service rejects the transmission.

Default: 20

Enable Reverse DNS Lookup Select if you want the SMTP service to determine if the IP address of an SMTP server resolves to an actual valid host name (meaning a DNS record exists that is pointing to the IP address of the peer).

If the SMTP service cannot resolve the host name of the SMTP server, it will not accept any email messages from this SMTP server.

Return Path Domain Check Select if you want the SMTP service to verify that the domain part of the sender's email address, provided by the MAIL FROM command, is compliant with RFC2821 Section 4.1.2.

This means that the domain part only contains letters, numbers, hyphens, and dots in a specific format.

Helo Domain Check Select if you want the SMTP service to verify that the argument, provided by the HELO/EHLO command, is compliant with RFC2821 Section 4.1.2.

Forward Path Domain Check Select if you want the SMTP service to verify that the domain part of the recipient's email address, provided by the RCPT TO command, is compliant with RFC2821 Section 4.1.2.

This means that the domain part only contains letters, numbers, hyphens, and dots in a specific format.

SMTP Greeting Specifies the welcome message (greeting) the SMTP service sends to an SMTP client when a connection is established, meaning that it is ready to process commands.

Received Header The SMTP service adds information to the email message header (Received Field) such as when and by whom the email message was transmitted. You can regulate the amount of information in this header field using one of the following levels:

• Standard (client IP shown, server IP not): The SMTP service adds the IP address of the SMTP server to the header field, but omits its own IP address.

• Verbose (client IP shown, server IP shown): The SMTP service adds the IP address of the SMTP server, as well as its own IP address to the header field.

• Strict (no IP shown): The SMTP service does not add any IP addresses at all (not its own or the IP address of the sender) to the header field.
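What the Helo, Return Path and Forward Path domain checks, the Allow NULL Sender option and the Max MTA Hops limit test for, as an added example (not the product's implementation). It follows the RFC 2821 Section 4.1.2 grammar for dotted domains and IPv4 address literals only; the function names and the sample message are constructed for illustration.

```python
import re
from email import message_from_string

# RFC 2821 section 4.1.2:
#   Domain     = (sub-domain 1*("." sub-domain)) / address-literal
#   sub-domain = Let-dig [Ldh-str]   ; letters, digits, hyphens inside only
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
_DOMAIN = re.compile(rf"{_LABEL}(?:\.{_LABEL})+\Z")
_IPV4_LITERAL = re.compile(r"\[(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\]\Z")


def is_rfc2821_domain(value):
    """True for a dotted domain or an IPv4 literal such as [192.0.2.1].

    IPv6 and general address literals are left out of this example.
    """
    if not value or len(value) > 255:       # size limit: RFC 2821 4.5.3.1
        return False
    literal = _IPV4_LITERAL.match(value)
    if literal:
        return all(int(octet) <= 255 for octet in literal.groups())
    return _DOMAIN.match(value) is not None  # \Z also rejects a trailing newline


def path_domain(path):
    """Domain of a <local@domain> path; '' for the null path <>; None if malformed."""
    path = path.strip()
    if not (path.startswith("<") and path.endswith(">")):
        return None
    inner = path[1:-1]
    if inner == "":
        return ""
    if inner.startswith("@"):               # obsolete source route "@a,@b:"
        _, colon, inner = inner.partition(":")
        if not colon:
            return None
    local, at, domain = inner.rpartition("@")
    return domain if at and local else None


def check_envelope(helo_arg, mail_from, rcpt_to, allow_null_sender=True):
    """Return the names of the options the session would fail, in order."""
    failures = []
    if not is_rfc2821_domain(helo_arg):
        failures.append("Helo Domain Check")
    sender_domain = path_domain(mail_from)
    if sender_domain == "":
        if not allow_null_sender:
            failures.append("Allow NULL Sender")
    elif sender_domain is None or not is_rfc2821_domain(sender_domain):
        failures.append("Return Path Domain Check")
    for rcpt in rcpt_to:
        domain = path_domain(rcpt)
        if not domain or not is_rfc2821_domain(domain):
            failures.append("Forward Path Domain Check")
            break
    return failures


def exceeds_max_hops(raw_message, max_hops=20):
    """True if the message carries more Received fields than Max MTA Hops."""
    message = message_from_string(raw_message)
    return len(message.get_all("Received", [])) > max_hops


# Constructed sample message that has passed through three SMTP servers.
SAMPLE_MESSAGE = (
    "Received: from relay2.example.net by mx.example.com; Mon, 1 Jan 2024 10:00:02 +0000\n"
    "Received: from relay1.example.net by relay2.example.net; Mon, 1 Jan 2024 10:00:01 +0000\n"
    "Received: from client.example.org by relay1.example.net; Mon, 1 Jan 2024 10:00:00 +0000\n"
    "From: sender@example.org\n"
    "To: user@example.com\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(check_envelope("mail_1", "<>", ["<user@example..com>"], allow_null_sender=False))
    print(exceeds_max_hops(SAMPLE_MESSAGE, max_hops=2))
```

Under the RFC 2821 grammar a single label such as `localhost` is not a valid HELO argument, so enabling the Helo Domain Check also rejects clients that announce an unqualified name.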


Configuring Transport Layer Security (TLS) settings

This topic explains how to configure options that influence the behavior of the SMTP service if TLS encryption is requested by an SMTP client.

Before you begin

To use the options described in the following procedure, you must install an SMTP TLS certificate. See Uploading TLS certificates for more information.

Procedure

1. Click SMTP > Configuration in the navigation pane.

2. Click the Encryption (TLS) tab.

3. Enable these settings if you want to use TLS:

Option Description

Require Certificates Instructs the SMTP service to request a certificate from the SMTP server.

If the SMTP server does not supply a certificate, delivery of email messages from this server is prohibited.

Verify Certificates If enabled, the SMTP service tries to verify the certificate of the SMTP server (if it has sent one).

If the verification process fails, the SMTP service will not accept any email messages from the SMTP server.

Allow Self-Signed Certificates The SMTP service will accept certificates from SMTP servers that have not been signed by a certificate authority (for example, VeriSign, GlobalSign, CAcert).

Always Try TLS If enabled, the SMTP service uses Transport Layer Security (TLS) in SMTP communications.

This behavior is also known as opportunistic TLS: the server will always try to connect to the target server using the TLS protocol. If the target server supports TLS, SMTP traffic is encrypted. If TLS is not supported by the target server, the system will fall back to unencrypted communication, unless the delivery of specific email messages explicitly requires TLS (requested by a Response Object in the policy system). In this case, the SMTP service will not deliver the email message and sends a notification back to the originator.

Attention: TLS encryption support for receiving email messages is not enabled at the SMTP service unless you have uploaded a key file and a certificate on the TLS Certificates page (SMTP > TLS


Defining IP addresses for local domains and relay hosts

This topic explains how to specify the domain and IP number range for your organization, and to set up relay hosts that relay all outbound email messages through a specific mail host.

Procedure

1. Click SMTP > Configuration in the navigation pane.

2. Click the Receiving SMTP > Settings tab.

3. Provide the following information for local domains:

Option Description

Domain Defines the domain part of an email address (for example, example.com, the part that follows the @ sign) for which the SMTP service is accepting email messages.

Note: The use of the entry example.com does not necessarily mean that the SMTP service will accept email messages from subdomains of example.com (for example, department.example.com).

If you want the SMTP service to accept email messages for specific subdomains, you must add a separate entry for this subdomain. If you want the SMTP service to accept email messages for all subdomains, you must add an additional entry .example.com.

Mailserver(s) Specifies the IP address or host name of an SMTP server to which email messages from a specific domain should be forwarded after analysis.

Use a single entry or a list of entries separated by semicolons (;). A list will cause the SMTP service to perform a failover if the first host in the list is not available. If the list is prefixed with a #, the SMTP service will load balance over all SMTP servers in the list.

4. Provide the following information for relay hosts:

Option Description

IP Address Specifies the IP address of a host or network that is allowed to relay email messages to Lotus Protector for Mail Security.

Subnet Mask Defines a range of IP addresses within a network that are allowed to relay email messages.

Note: Do not delete the entry 127.0.0.1/255.255.255.255 because it allows Lotus Protector for Mail Security itself to generate and deliver email messages, such as quarantine reports or Non Delivery Reports (NDR), to other hosts.

Example: If you want a single host to relay email messages to Lotus Protector for Mail Security, add the IP address of this host (for example, 192.168.123.100) and use the Subnet Mask 255.255.255.255 with this entry.
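How the Local Domains and Relay Hosts entries combine into an anti-relay decision and a forwarding target, as an added example (not the product's implementation). The mail server addresses are constructed, and three behaviors are assumptions the guide does not state: `.example.com` does not cover the bare `example.com`, the longest matching `.suffix` entry wins, and load balancing is round-robin.

```python
import ipaddress

# Constructed configuration in the format described above. example.com,
# 127.0.0.1 and 192.168.123.100 appear in the guide; the mail server
# addresses are assumptions.
LOCAL_DOMAINS = {
    "example.com": "10.0.0.10;10.0.0.11",       # failover list
    ".example.com": "#10.0.0.20;10.0.0.21",     # '#' prefix: load balancing
}
RELAY_HOSTS = [
    ("127.0.0.1", "255.255.255.255"),           # the appliance itself
    ("192.168.123.100", "255.255.255.255"),     # single internal mail server
]


def parse_mailservers(field):
    """Return (mode, hosts) for a Mailserver(s) value."""
    field = field.strip()
    mode = "load-balance" if field.startswith("#") else "failover"
    hosts = [h.strip() for h in field.lstrip("#").split(";") if h.strip()]
    if not hosts:
        raise ValueError("Mailserver(s) field contains no host")
    return mode, hosts


def match_local_domain(domain, local_domains=LOCAL_DOMAINS):
    """Return the Local Domains entry that covers domain, or None."""
    domain = domain.lower().rstrip(".")
    if domain in local_domains:
        return domain
    # The leading dot keeps "evilexample.com" from matching ".example.com".
    suffixes = [entry for entry in local_domains
                if entry.startswith(".") and domain.endswith(entry)]
    return max(suffixes, key=len) if suffixes else None


def is_relay_host(client_ip, relay_hosts=RELAY_HOSTS):
    """True if client_ip falls inside any IP Address / Subnet Mask entry."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(f"{ip}/{mask}", strict=False)
               for ip, mask in relay_hosts)


def accept_recipient(client_ip, rcpt_domain,
                     local_domains=LOCAL_DOMAINS, relay_hosts=RELAY_HOSTS):
    """Anti-relay check: relay hosts may address any domain, all other
    clients only the local domains."""
    if is_relay_host(client_ip, relay_hosts):
        return True
    return match_local_domain(rcpt_domain, local_domains) is not None


def next_hop(rcpt_domain, is_up, message_no=0, local_domains=LOCAL_DOMAINS):
    """Internal server for an accepted message, or None if none is usable.

    is_up(host) -> bool stands in for a connection attempt.
    """
    entry = match_local_domain(rcpt_domain, local_domains)
    if entry is None:
        return None
    mode, hosts = parse_mailservers(local_domains[entry])
    if mode == "load-balance":
        start = message_no % len(hosts)          # assumed round-robin
        hosts = hosts[start:] + hosts[:start]
    return next((host for host in hosts if is_up(host)), None)


if __name__ == "__main__":
    print(accept_recipient("203.0.113.5", "other.org"))        # outside client
    print(accept_recipient("192.168.123.100", "other.org"))    # relay host
    print(next_hop("example.com", lambda h: h != "10.0.0.10"))
```

A Relay Hosts entry with a wide subnet mask makes every address in that range a permitted relay, so keep the mask as narrow as the internal mail servers require.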


Configuring a global IP access list

This topic explains how to configure a list of IP addresses that are allowed or denied access at the start of an incoming SMTP connection.

About this task

The behavior of the Global IP Access List is also affected by whether you are using border IP addresses, which are IP addresses that specify the outer border of the trusted network around Lotus Protector for Mail Security. See the “Configuring DNSBL settings” on page 29 topic for more information about using border IP addresses.

Procedure

1. Click SMTP > Configuration in the navigation pane.

2. Click the Receiving SMTP > Global IP Access List tab.

3. In the Allow List section, specify a list of hosts or networks that have been granted access to the SMTP server:

Option Description

IP Address Specifies the IP addresses that have been granted access to the SMTP server.

Use CIDR notation to specify a block of IP addresses. For example: 123.123.123.123/14. The entry after the slash is the prefix length and is a number from 1 to 32.

Subnet Mask Specifies a range of affected systems for the subnet mask of the IP address entered above.

When you add an IP address to the Allow List, every IP address from that sender is excluded from further IP-based checks (such as DNSBL checks at the SMTP level, Dynamic Host Reputation checks at the SMTP level, and RBL/DNSBL checks at the policy level). The IP addresses in the Allow List take precedence over the IP addresses in the Deny List.

Example:

Deny List uses 123.123.123.0/24 (123.123.123.1 - 123.123.123.255)

Allow List uses 123.123.123.123/32

Lotus Protector for Mail Security will deny access for 123.123.123.1 - 123.123.123.122, allow access for 123.123.123.123, and deny access for 123.123.123.124 - 123.123.123.254.

4. In the Deny List section, manually add hosts or networks to a list of systems that are not allowed access to the SMTP server:

Option Description

IP Address Specifies the IP addresses that are not authorized to access the SMTP server and will not be allowed to connect.

• Reject with Error: The SMTP service rejects deliveries of email messages from the sender and returns the given Error Code in combination with the defined Error Message.

• Silent Drop: The SMTP service rejects an incoming email message but does not notify the sender of the email that the email message has been rejected. This method is used to prevent spammers from probing for valid email addresses.
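The Allow List over Deny List precedence from the example in step 3, together with an audit of how many addresses each Allow List entry exempts from later IP-based checks, as an added example (not the product's implementation). The function names, the `unlisted` result and the 256-address threshold are assumptions; the CIDR values are the ones used in this topic.

```python
import ipaddress

# Entries from the example in this topic.
ALLOW_LIST = ["123.123.123.123/32"]
DENY_LIST = ["123.123.123.0/24"]


def parse_entries(entries):
    """Parse CIDR strings; strict=False accepts entries with host bits set,
    such as 123.123.123.123/14."""
    return [ipaddress.ip_network(entry, strict=False) for entry in entries]


def evaluate(client_ip, allow_list, deny_list):
    """Return 'allow', 'deny' or 'unlisted' for a connecting client.

    The Allow List is consulted first, so it wins over the Deny List.
    'allow' also means the client skips the later IP-based checks.
    """
    addr = ipaddress.ip_address(client_ip)
    if any(addr in network for network in parse_entries(allow_list)):
        return "allow"
    if any(addr in network for network in parse_entries(deny_list)):
        return "deny"
    return "unlisted"


def allow_overrides(allow_list, deny_list):
    """Pairs (allow entry, deny entry) where an allow entry overlaps a deny entry."""
    pairs = []
    for allow_entry, allow_net in zip(allow_list, parse_entries(allow_list)):
        for deny_entry, deny_net in zip(deny_list, parse_entries(deny_list)):
            if allow_net.overlaps(deny_net):
                pairs.append((allow_entry, deny_entry))
    return pairs


def audit_allow_list(allow_list, max_addresses=256):
    """Flag Allow List entries that exempt more hosts than intended.

    Returns (entry, effective network, address count, reasons) per finding.
    max_addresses is an assumed review threshold, not a product setting.
    """
    findings = []
    for entry in allow_list:
        network = ipaddress.ip_network(entry, strict=False)
        reasons = []
        if str(network.network_address) != entry.split("/")[0]:
            reasons.append("host bits set")
        if network.num_addresses > max_addresses:
            reasons.append("broad range")
        if reasons:
            findings.append((entry, str(network), network.num_addresses, reasons))
    return findings


if __name__ == "__main__":
    for ip in ("123.123.123.122", "123.123.123.123", "123.123.123.124"):
        print(ip, evaluate(ip, ALLOW_LIST, DENY_LIST))
    print(audit_allow_list(["123.123.123.123/14"]))
```

The audit shows that the CIDR example 123.123.123.123/14 covers 262,144 addresses starting at 123.120.0.0, all of which would bypass the DNSBL and host reputation checks if placed on the Allow List.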

Configuring DNSBL settings

This topic explains how to configure a list of IP addresses that are blocked because these addresses allow spam to be sent from them, and to set scores for each available DNSBL (Domain Name Server Block List) server on your network.

About this task

DNSBL border IPs are IP addresses that specify the outer border of the trusted network around Lotus Protector for Mail Security. The following table lists the IP addresses that are considered DNSBL border IP addresses for Lotus Protector for Mail Security:

Table 16. DNSBL border IP addresses

DNSBL border IP address Where to find

Servers that relay to local domains SMTP > Configuration > Receiving SMTP > Settings > Local Domains

Servers that relay through Lotus Protector for Mail Security SMTP > Configuration > Receiving SMTP > Settings > Relay Hosts

Servers that Lotus Protector for Mail Security forwards to SMTP > Configuration > Sending SMTP > Delivery > Forward

A user-specified list of IP addresses separated by semicolons host_reputation.border_ips

Important: You can use border IP addresses if Lotus Protector for Mail Security is receiving email messages directly from hosts on the Internet. However, you will not be able to use border IP addresses if Lotus Protector for Mail Security is behind an SMTP relay.

Procedure

1. Click SMTP > Configuration in the navigation pane.

2. Click the Receiving SMTP > DNSBL Settings tab.

3. Select the Enable box.

4. Provide an error code and an error message.

5. Click the DNSBL Settings button.

6. In the DNSBL Lists area, set a threshold value. If the sum of all DNSBL server match scores exceeds this number, the analyzed email message is considered a match for the Spam DNSBL analysis module.

7. Click Add.

8. Select the Enabled box.


Configuring Recipient Verification

Recipient Verification enables the SMTP service to immediately block email messages that are sent to a user who does not exist in your organization.

Procedure

1. Click SMTP > Configuration in the navigation pane.

2. Click the Receiving SMTP > Recipient Verification tab.

3. Select the Enable Recipient Verification box.

4. Choose how Lotus Protector for Mail Security should handle recipients who are rejected:

Option Description

Reject with Error Lotus Protector for Mail Security returns the given error code and error message to the SMTP client.

The sender learns which SMTP addresses are valid, which can be acceptable or unacceptable behavior.

Silent Drop The SMTP service rejects an incoming email message, but does not notify the sender of the email that the email message has been rejected. This method is used to prevent spammers from probing for valid email addresses.

5. Provide an SMTP error code and an SMTP error message.

6. Choose the access type for the recipients:

Option Description

Denied All recipients who are not on the list of recipients are rejected.

Allowed All recipients who are not on the list of recipients are allowed.

You can either build a list of allowed recipients and reject all others, or build a list of rejected recipients and allow all others.

Attention: You can also use user-generated SMTP domain lists and SMTP address lists with Recipient Verification. You must add the list of file names (comma-separated list including the full path) to the file /etc/recipientverificationd.conf.

Any files that are placed in the directory /var/lib/recipientverificationd are deleted when you save a configuration. You should use another directory, for example, /var/lib/


Configuring Zero Level Analysis (ZLA)

Zero Level Analysis (ZLA) is a classification method that Lotus Protector for Mail Security uses on incoming email messages.

About this task

Although many junk messages are rejected at an early stage of message delivery, ZLA analyzes email messages during transmission where they are either discarded or rejected by the SMTP service.

Procedure

1. Click SMTP > Configuration in the navigation pane.

2. Choose which category ZLA uses to identify incoming email messages:

Category Description

Spam Any type of unsolicited bulk email message, such as phishing, advertisements, or malware.

Non Delivery Reports (NDR) Non Delivery Reports are sent back to the originator as a response to a failed transmission of an email message in order to indicate that the specified recipient did not receive the message.

Spammers often use spoofed email addresses as originators of email messages. If a server rejects this type of message (for example, because the recipient of the message does not exist), it could cause the owner of a spoofed address to receive many Non Delivery Reports in error.

Attention: Be careful when you select a response for this category. Many Non Delivery Reports could be legitimate, for example, in the case where an originator of an email message has misspelled the recipient's email address.

3. Define how the SMTP service should handle email messages from a specific category:

Response Description

Block Message If selected, the SMTP service responds with an error message at the SMTP level to the sender's attempt, which signals that the transmission of the email message has been rejected.

Silent Drop If selected, the SMTP service rejects an incoming email
